gss_export_sec_context(3) — Subroutines
NAME
gss_export_sec_context - Prepare security context for transfer to another process.
SYNOPSIS
#include <gssapi/gssapi.h>
OM_uint32 gss_export_sec_context(
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    gss_buffer_t interprocess_token );
PARAMETERS
minor_status
Kerberos 5 error code.
context_handle
Security context to be transferred. After the context is transferred, this parameter is set to GSS_C_NO_CONTEXT.
interprocess_token
Token to be transferred to the target process.
The application must release the storage associated with the token after use with a call to gss_release_buffer().
DESCRIPTION
The gss_export_sec_context() function prepares a security context for transfer to another process. It is typically used by the context acceptor in an application where a single process receives incoming connection requests and accepts security contexts over them. The initial process then passes the established context to another process for message exchange.
This function disables the security context for the calling process and creates an interprocess token that, when passed to gss_import_sec_context() in another process, re-enables the context in the second process. Only a single instance of a given security context may be active at any time; a subsequent attempt by a context exporter to access the exported security context will fail.
The interprocess token may contain security-sensitive information such as a cryptographic key. Therefore, the application must take care to protect the interprocess token and to ensure that any process to which the token is transferred is trustworthy. In addition, this token should not be transferred over a network in an insecure manner.
If creation of the interprocess token is successful, all process-wide resources associated with the security context are deallocated and the context_handle parameter is set to GSS_C_NO_CONTEXT. The security context is not deleted until the exported security context token is created. If an error occurs that makes it impossible to complete the export of the security context, the original context is returned unchanged.
After use, the application must release the storage associated with the token with a call to gss_release_buffer().
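The token handling called for above, as an added example (not part of the original manual page or of the SDK): the token bytes are sent length-prefixed over a local descriptor, such as one end of a socketpair(2) inherited by the worker process, and the sender's copy is overwritten before it is released. The helper names, the MAX_TOKEN bound and the choice of a Unix-domain socket are assumptions; tok and len stand for interprocess_token->value and interprocess_token->length.

```c
#include <stdint.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_TOKEN (64 * 1024)   /* assumed upper bound on an exported token */

/* Overwrite sensitive bytes; volatile keeps the compiler from eliding it. */
static void scrub(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Loop until all n bytes are moved; rd selects read (1) or write (0). */
static int xfer(int fd, void *buf, size_t n, int rd) {
    unsigned char *p = buf;
    while (n > 0) {
        ssize_t r = rd ? read(fd, p, n) : write(fd, p, n);
        if (r <= 0) return -1;          /* error or peer closed early */
        p += r; n -= (size_t)r;
    }
    return 0;
}

/* Sender side, called after gss_export_sec_context() succeeds. The local
   copy is scrubbed whether or not the send succeeds; the caller then
   frees it with gss_release_buffer(). */
int send_token(int fd, void *tok, size_t len) {
    uint32_t n = (uint32_t)len;
    int rc = (len == 0 || len > MAX_TOKEN) ? -1
           : (xfer(fd, &n, sizeof n, 0) || xfer(fd, tok, len, 0)) ? -1 : 0;
    scrub(tok, len);
    return rc;
}

/* Receiver side: returns a malloc'd token to pass to gss_import_sec_context(),
   or NULL on a short read or an out-of-range length prefix. */
void *recv_token(int fd, size_t *len) {
    uint32_t n;
    if (xfer(fd, &n, sizeof n, 1) || n == 0 || n > MAX_TOKEN) return NULL;
    unsigned char *buf = malloc(n);
    if (buf && xfer(fd, buf, n, 1)) { scrub(buf, n); free(buf); buf = NULL; }
    if (buf) *len = n;
    return buf;
}
```

The receiver should scrub and free its copy in the same way once gss_import_sec_context() has returned.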
RETURN VALUES
| GSS_S_CALL_INACCESSIBLE_READ | 01xxxxxx |
| GSS_S_CALL_INACCESSIBLE_WRITE | 02xxxxxx |
| GSS_S_COMPLETE | 00000000 |
| GSS_S_FAILURE | xx0Dxxxx |
| GSS_S_NO_CONTEXT | xx08xxxx |
| GSS_S_UNAVAILABLE | xx10xxxx |
PORTABILITY CONSIDERATIONS
This function exports a token that can only be shared with other HP Application Security SDK implementations.
SEE ALSO
Functions: gss_accept_sec_context(3), gss_import_sec_context(3), gss_init_sec_context(3), gss_release_buffer(3)